Try our new research platform with insights from 80,000+ expert users

AWS WAF vs StackPath WAF comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare
Sponsored
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
76
Ranking in other categories
CDN (1st), Distributed Denial-of-Service (DDoS) Protection (1st), Managed DNS (1st), Cloud Security Posture Management (CSPM) (13th)
AWS WAF
Average Rating
8.0
Reviews Sentiment
7.6
Number of Reviews
59
Ranking in other categories
Web Application Firewall (WAF) (1st)
StackPath WAF
Average Rating
9.0
Reviews Sentiment
8.5
Number of Reviews
1
Ranking in other categories
Web Application Firewall (WAF) (31st)
 

Featured Reviews

Carlos Alam Hernandez Baruch - PeerSpot reviewer
Fast and secure deployments simplify operations for government and fintech clients
It is a fast and secure DNS. It is very easy to deploy, and my customers are happy with this tool. Additionally, the CDN performance in Mexico is excellent, providing fast service and tools. It offers reliability during high-traffic periods, ensuring no impact on the environment. It helps my clients avoid using on-premise boxes, simplifying operations as they only use the prices on Cloudflare.
Kavin Kalaiarasu - PeerSpot reviewer
AWS's cloud-native security simplifies rule enforcement but needs better DDoS integration
The dashboarding could be improved, and the default metrics provided by AWS WAF could be upgraded. The rate at which AWS updates their managed rule sets could be better. Features like bot protection or DDoS mitigation, available with other WAF vendors, do not come natively with AWS WAF. Instead, they are part of AWS Shield. Providing DDoS protection as part of their WAF solution would be beneficial.
FC
Stable product with an easy setup process
We use StackPath WAF to protect small websites for our customers The product’s most valuable is WAF. The authentication feature helps us protect WordPress sites. The product’s performance for caching feature needs improvement. It could provide high security to handle large traffic volumes for…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cloudflare is a security SaaS provider that provides security and protects us from any application layer attack."
"From what I've seen so far, there are no negatives to report as of yet"
"Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications."
"When using services like Heroku, Cloudflare is very useful for CNAME flattening. I also use it for their end-to-end SSL with TLS authentication on nginx for securing servers."
"The most valuable feature of Cloudflare is that it has a free version. They give us the free version with the anti-DDoS features and also the load balancing solution."
"We're using dynamic components to build flexible pages to create and manage Git merge requests for code and reviews."
"The DDoS protection is the most valuable aspect of the solution."
"Cloudflare allows us to self-host services such as Rocket.Chat and Node-RED, in high-availability mode, thanks to round robin DNS which allows us to share one hostname between our two locations."
"Some valuable features of AWS WAF include its seamless integration and ease of orchestration within the AWS platform."
"AWS WAF is something that someone from a cloud background or cloud security background leverages. If they want to natively use a solution in the cloud, AWS WAF comes in handy. It's very useful for that, and the way we can fine-tune the WAF rules is also nice."
"The product’s availability, ease of configuration, and documentation are valuable."
"It is Amazon. Everything is scalable. It is beyond what we need."
"I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through."
"The most valuable feature of AWS WAF is the extra layer of security that I have when connecting to my web applications."
"The most valuable feature is the addition of managed tools that help us create customizable rules. In case we want to block a particular request, we can make use of those rules."
"The automation of blocking for security attacks is valuable, with AWS applying rate limiting."
"The product’s most valuable is WAF. The authentication feature helps us protect WordPress sites."
 

Cons

"There might be helpful if there was some web application firewall feature."
"The tool needs to improve caching of servers. The product needs to include PFX certificate as well."
"There are some issues with the CDN services."
"Cloudflare doesn't have a reverse lookup. We can only do a DNS lookup to get the IP address from the hostname. It doesn't work if you want to look up the hostname from an IPA address."
"It would be beneficial for us if Cloudflare could offer a scrubbing solution. This would involve taking a snapshot of my website and keeping it live during a DDoS attack, ensuring uninterrupted service for our users. DDoS attacks are typically short in duration, and having Cloudflare maintain the site's availability from its secure network would enhance the overall user experience. I would appreciate it if Cloudflare could consider implementing this feature. Many organizations already utilize similar capabilities in their CDN platforms, where a static snapshot of the web page is displayed during DDoS attacks. In terms of features, Cloudflare needs to enhance its resilience and stay more focused on adopting new technologies. For instance, solutions like F5 XC Box, Access Solution, and Distributed Cloud Solution have impressive features, and Cloudflare should strive to match and exceed those capabilities. There's a need for improvement in areas like AI-based DDoS attacks and Layer 7 WAF features. Cloudflare should prioritize enhancements in areas such as behavioral DDoS and protection against SQL injection attacks, considering the prevalent trend of public exposure to the internet for business reasons. Overall, Cloudflare needs to invest more in advancing its feature set."
"Cloudflare's free plan is limited to 5,000 records for their free plan. They should increase that. For example, if I create a domain called abc.com and a subdomain called a.abc.com, my record count will be two. I can make a maximum of 5,000 subdomains. However, if we use our own DNS hosted on another provider, there is no limit. Their free plan also lacks name server customization."
"The analytics, basically the dashboard, doesn't have much to it."
"Cloudflare does not have an on-premise solution. If they had different approaches they could be better suited to accommodate more customers, such as on-premise and hybrid deployments. For example, hybrid deployments would be useful where you could move the traffic from the enterprise to the cloud."
"Compatibility and integration functionalities, especially with services like Kafka for event-driven messaging, could be better."
"One area that could be improved is the DDoS protection."
"The serverless product from AWS WAF could be improved. For example, they have only one serverless series, Lambda, but they should extend and improve it. Additionally, the firewall rules are not very easy to configure."
"The area of reporting in the product needs to have a proper format."
"The cost must be reduced."
"The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on."
"AWS WAF should provide better protection to its users, and the security features need to improve."
"The solution's pricing could be improved."
"The product’s performance for caching feature needs improvement."
 

Pricing and Cost Advice

"So far I use free tier and happy with it. You can subscribe to business package if needed."
"The tool is a premium product, so it is very expensive."
"When you compare Cloudflare DNS to other solutions, such as Akamai, the price is reasonable."
"The product's pricing is cheap."
"It's a premium model. You can start at zero and work your way up to the enterprise model, which has a very high pricing level."
"In terms of licensing costs, we don't pay for licensing for Cloudflare. We only establish communication, then for peering, Cloudflare takes care of the cross-connection in different data centers."
"We are using the free tier of the solution."
"The price is reasonable."
"It has a variable pricing scheme."
"I rate the product price a five on a scale of one to ten, where one is high price, and ten is low price"
"AWS WAF costs $5 monthly plus $1 for the rule. It's cheap, cost-wise. It's worth the money."
"You need an additional AWS subscription for this product if you are buying a managed tool."
"Its price is fair. There is a very fair amount that they charge. It has a pay-as-you-go model, so it pretty much depends on how much a user uses it. As per the cloud norms, the more you use, the more you pay. I would rate it a five out of ten in terms of pricing."
"There are no costs in addition to the standard licensing fees."
"It's quite affordable. It's in the middle."
"AWS is not that costly by comparison. They are maybe close to $40 per month. I think it was between $29 or $39."
"The product is affordable."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
862,499 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Comms Service Provider
11%
Financial Services Firm
10%
Manufacturing Company
7%
Computer Software Company
16%
Financial Services Firm
15%
Manufacturing Company
9%
Government
6%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GR...
Which would you choose - Cloudflare DNS or Quad9?
Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service...
What do you like most about Cloudflare?
Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.
What are the limitations of AWS WAF vs alternative WAFs?
Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Im...
How does AWS WAF compare to Microsoft Azure Application Gateway?
Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft...
What do you like most about AWS WAF?
The most valuable feature of AWS WAF is its highly configurable rules system.
What do you like most about StackPath WAF?
The product’s most valuable is WAF. The authentication feature helps us protect WordPress sites.
What needs improvement with StackPath WAF?
The product’s performance for caching feature needs improvement. It could provide high security to handle large traff...
 

Comparisons

 

Also Known As

Cloudflare DNS
AWS Web Application Firewall
StackPath Web Application Firewall
 

Overview

 

Sample Customers

Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
eVitamins, 9Splay, Senao International
Robotics Cats, Jewlr
Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF). Updated: July 2025.
862,499 professionals have used our research since 2012.